Re: Loopback as primary DNS

 
 
Meinolf Weber [MVP-DS]
      11-07-2009
Hello yaro137,

Basically the loopback address is used for testing purposes. It will immediately
send the signal back to itself, which of course works on a DNS server as
pointing to itself. Also after promoting a server to DC/DNS, it changes automatically
to the loopback IP address to make sure it has a valid DNS server configured
as preferred on the NIC. So it doesn't need to know the real IP address.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> On Nov 6, 11:37 am, Meinolf Weber [MVP-DS] <meiweb@(nospam)gmx.de>
> wrote:
>
>> Hello yaro137,
>>
>> Got it. Was a bit blind with loopback ip address. If you have multiple
>> servers in your network use always the real ip address of the server
>> instead. If you have multiple DNS servers configure them also as
>> secondary on the NIC for redundancy.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> On Nov 6, 10:34 am, Meinolf Weber [MVP-DS] <meiweb@(nospam)gmx.de>
>>> wrote:
>>>
>>>> Hello yaro137,
>>>>
>>>> Loopback? What do you mean with this? Please describe more details
>>>> about your setup, amount of servers and their roles and what you
>>>> are trying to achieve at the end including OS version and SP/patch
>>>> level.
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> What could go wrong when we use it? Does the same apply to small
>>>>> networks with one server only assuming that in both cases the DNS
>>>>> server has two NICs?
>>>>> yaro
>>> I mean sticking 127.0.0.1 as the primary DNS server's address on the
>>> internal face NIC's properties page of the server that runs DNS.
>>> yaro
>>>

> This is what I do as Microsoft's recommended best practice. I'm just
> wondering what could be the drawbacks. Thanks again.
> yaro



 
Grant Taylor
      11-12-2009
On 11/9/2009 4:52 AM, yaro137 wrote:
> Yes, that's the thing, it does it automatically. I asked as I heard
> from a pretty good source that it's not a good practice and many
> admins do the mistake of leaving it this way. Unfortunately I had no
> opportunity to ask that person why is that.


I think it's a good idea to have an AD DC that is also a DNS server use
the loopback (or other similar things explained below). Mainly b/c DNS
will fail to start if the NIC is not plugged in or otherwise does not
have link. This means that AD will come up without DNS which is (in my
opinion) all about broken.

To help solve this, AD DCs with DNS will use the Loopback IP of
127.0.0.1 as an IP address that is guaranteed to be up and accessible.

Along these same lines, I have been known to install the Microsoft
Loopback Adapter (not the internal adapter-less virtual address that is
127/8 to Windows) and assign a static IP to it and use that as a DNS
server (as well as other things that can be routed to).



Grant. . . .
 
Meinolf Weber [MVP-DS]
      11-12-2009

Hello Grant,

If the NIC is broken it doesn't matter which ip address is used, in my opinion.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> On 11/9/2009 4:52 AM, yaro137 wrote:
>
>> Yes, that's the thing, it does it automatically. I asked as I heard
>> from a pretty good source that it's not a good practice and many
>> admins do the mistake of leaving it this way. Unfortunately I had no
>> opportunity to ask that person why is that.
>>

> I think it's a good idea to have an AD DC that is also a DNS server
> use the loopback (or other similar things explained below). Mainly
> b/c DNS will fail to start if the NIC is not plugged in or otherwise
> does not have link. This means that AD will come up without DNS
> which is (in my opinion) all about broken.
>
> To help solve this, AD DCs with DNS will use the Loopback IP of
> 127.0.0.1 as an IP address that is guaranteed to be up and accessible.
>
> Along these same lines, I have been known to install the Microsoft
> Loopback Adapter (not the internal adapter-less virtual address that
> is 127/8 to Windows) and assign a static IP to it and use that as a
> DNS server (as well as other things that can be routed to).
>
> Grant. . . .
>



 
Ace Fekay [MCT]
      11-12-2009
"Grant Taylor" <> wrote in message
news:hdg9g5$942$...
> On 11/9/2009 4:52 AM, yaro137 wrote:
>> Yes, that's the thing, it does it automatically. I asked as I heard from
>> a pretty good source that it's not a good practice and many admins do the
>> mistake of leaving it this way. Unfortunately I had no opportunity to ask
>> that person why is that.

>
> I think it's a good idea to have an AD DC that is also a DNS server use
> the loopback (or other similar things explained below). Mainly b/c DNS
> will fail to start if the NIC is not plugged in or otherwise does not
> have link. This means that AD will come up without DNS which is (in my
> opinion) all about broken.
>
> To help solve this, AD DCs with DNS will use the Loopback IP of 127.0.0.1
> as an IP address that is guaranteed to be up and accessible.
>
> Along these same lines, I have been known to install the Microsoft
> Loopback Adapter (not the internal adapter-less virtual address that is
> 127/8 to Windows) and assign a static IP to it and use that as a DNS
> server (as well as other things that can be routed to).
>
>
>
> Grant. . . .



I don't necessarily agree with using the loopback due to various reasons,
one of which is the reverse registration. Besides, if the IP address is not
up and accessible, then it means the network will be down, then how will
the registration attempt be sent to DNS anyway? I also don't agree with
installing the loopback adapter to circumvent this.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.


 
Grant Taylor
      11-15-2009
On 11/12/2009 10:02 AM, Ace Fekay [MCT] wrote:
> I don't necessarily agree with using the loopback due to various
> reasons, one of which is the reverse registration. Besides, if the IP
> address is not up and accessible, then it means the network will be
> down, then how will the registration attempt be sent to DNS anyway? I
> also don't agree with installing the loopback adapter to circumvent
> this.


Maybe it's just been my poor luck that I've had to deal with multiple
small offices / networks that could not get their server to boot up
correctly (b/c AD could not query DNS) when their switch was down (for
whatever reason). In these cases servers that would normally take 5
minutes to boot from power on would take 15 or more because they could
not query DNS b/c the network card did not have link. At least with the
Microsoft Loopback Adapter installed and up, the DNS server would come
up and AD could find DNS like it needed to.

I think my usage scenario may have more to do with the size of networks
that I work with. If I were working on a larger network with multiple
servers I agree that this is a sub-optimal solution.



Grant. . . .
 
Dave Warren
      11-15-2009
In message <hdoe7k$s15$> Grant Taylor
<> was claimed to have wrote:

>On 11/12/2009 10:02 AM, Ace Fekay [MCT] wrote:
>> I don't necessarily agree with using the loopback due to various
>> reasons, one of which is the reverse registration. Besides, if the IP
>> address is not up and accessible, then it means the network will be
>> down, then how will the registration attempt be sent to DNS anyway? I
>> also don't agree with installing the loopback adapter to circumvent
>> this.

>
>Maybe it's just been my poor luck that I've had to deal with multiple
>small offices / networks that could not get their server to boot up
>correctly (b/c AD could not query DNS) when their switch was down (for
>whatever reason). In these cases servers that would normally take 5
>minutes to boot from power on would take 15 or more because they could
>not query DNS b/c the network card did not have link. At least with the
>Microsoft Loopback Adapter installed and up, the DNS server would come
>up and AD could find DNS like it needed to.


What difference does it make if your server takes 5 minutes or 15
minutes to boot when the NIC is disconnected? Do you regularly boot
your server without a network connection?

Admittedly the delay can be annoying on those one-off cases where you
really do need to boot a system without a network connection, but
balanced against the annoyances of not having dynamic registration
working consistently, I'll take the longer boot time.
 
Grant Taylor
      11-16-2009
On 11/15/2009 5:44 PM, Dave Warren wrote:
> What difference does it make if your server takes 5 minutes or 15
> minutes to boot when the NIC is disconnected? Do you regularly boot
> your server without a network connection?


It's not so much the delay that I have a problem with as it is the
system being in an inconsistent / unhappy state when it finally gets
booted up.



Grant. . . .
 
Ace Fekay [MCT]
      11-16-2009
"Grant Taylor" <> wrote in message
news:hdqcvt$7io$...
> On 11/15/2009 5:44 PM, Dave Warren wrote:
>> What difference does it make if your server takes 5 minutes or 15 minutes
>> to boot when the NIC is disconnected? Do you regularly boot your server
>> without a network connection?

>
> It's not so much the delay that I have a problem with as it is the system
> being in an inconsistent / unhappy state when it finally gets booted up.
>
>
>
> Grant. . . .



Curious, why would the switch not have power and the server does? I figure
the switch would boot up and be ready way before the server, assuming the
switch and server are either on the same UPS or different UPS that all power
back up after a power outage. Are the switch and servers on the same
electrical feed (to the building)?

Ace


 
Grant Taylor
      11-20-2009
On 11/16/2009 12:56 AM, Ace Fekay [MCT] wrote:
> Curious, why would the switch not have power and the server does? I
> figure the switch would boot up and be ready way before the server,
> assuming the switch and server are either on the same UPS or
> different UPS that all power back up after a power outage. Are the
> switch and servers on the same electrical feed (to the building)?


The first time I ran into this was while rebooting a server to diagnose
a weird problem that ended up being a locked up switch. The catch was
that the reboot that the client did before I walked in the door had us
waiting 15 - 20 minutes and the one that I did had me waiting again.

With regards to switches being battery backed, it depends on the
capacity of the UPS and what the client wants. Some of my clients are
of the opinion that if the power is out, the workstations can't get to
the server, so devote that battery power to keeping the server up longer
before initiating a shut down.

I have also run into this when working on servers at my office where I
don't want the NIC plugged in to the network b/c of a DHCP server conflict.

In the end I've found having the Microsoft Loopback Adapter to be
good for a number of different things. The fact that the DNS server
will have an always up (unless I disable it) interface was a bonus.



Grant. . . .
 
Dave Warren
      11-22-2009
In message <he56a4$l8e$> Grant Taylor
<> was claimed to have wrote:

>In the end I've found having the Microsoft Loopback Adapter to be
>good for a number of different things. The fact that the DNS server
>will have an always up (unless I disable it) interface was a bonus.


Wouldn't that effectively multihome the machine, and bring with it all
those related hassles?
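
Added example, not code from any poster in this thread: a Windows PowerShell function that reports the three conditions the thread argues over (loopback as the preferred DNS server on a NIC, no alternate DNS server, and more than one IP-enabled adapter). The function name `Test-DnsClientOrder`, the sample adapters and their addresses are constructed for illustration.

```powershell
# Added example. Reports, without judging, the DNS client conditions debated above.
# Each input object needs Description, IPAddress and DNSServerSearchOrder
# (the property names used by the Win32_NetworkAdapterConfiguration WMI class).
function Test-DnsClientOrder {
    param([Parameter(Mandatory=$true)][object[]]$Adapter)

    $findings = @()
    foreach ($a in $Adapter) {
        # Drop nulls so an adapter with no DNS servers yields an empty list.
        $dns = @($a.DNSServerSearchOrder | Where-Object { $_ })
        if ($dns.Count -eq 0) {
            $findings += "$($a.Description): no DNS servers configured"
            continue
        }
        # 127/8 as the first entry means the NIC prefers the local DNS service.
        if ($dns[0] -like '127.*') {
            $findings += "$($a.Description): preferred DNS server is loopback ($($dns[0]))"
        }
        # A single entry means there is no secondary server for redundancy.
        if ($dns.Count -eq 1) {
            $findings += "$($a.Description): no alternate DNS server listed"
        }
    }
    # More than one IP-enabled adapter (for example an added loopback adapter).
    if ($Adapter.Count -gt 1) {
        $findings += "$($Adapter.Count) IP-enabled adapters: the server is multihomed"
    }
    return $findings
}

# Constructed sample: a DC with loopback as its only DNS entry, plus a
# Microsoft Loopback Adapter holding a static address and no DNS servers.
$sample = @(
    New-Object PSObject -Property @{
        Description = 'Internal NIC (constructed)'
        IPAddress = @('192.0.2.10'); DNSServerSearchOrder = @('127.0.0.1') }
    New-Object PSObject -Property @{
        Description = 'Microsoft Loopback Adapter (constructed)'
        IPAddress = @('192.0.2.200'); DNSServerSearchOrder = $null }
)
Test-DnsClientOrder -Adapter $sample

# On a live server (Windows PowerShell), feed it the real adapter list:
# Test-DnsClientOrder -Adapter (Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
```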
 